
DHS faces challenges in coordinating cyber efforts across government

The Homeland Security Department has received a mixed report from the inspector general on coordinating cyber
operations across government, along with seven recommendations for improvement.

The IG conducted an audit of the National Protection and Programs Directorate.
NPPD is primarily responsible for providing crisis management in response to cyber
attacks and coordinating the sharing of cyber information.

A recent spike in cyber attacks has led to increased collaboration between the
government and private sector, the report said. The Office of Cybersecurity and
Communications (CS&C) within NPPD is "responsible for integrating cyber threat
information from the five federal cybersecurity centers and collaborating with
these centers in responding to cyber security incidents that may pose a threat to
the nation."

The report commended NPPD on some of its actions in coordinating cyber efforts
with other federal centers. NPPD has established partnerships and increased
communication by participating in regular meetings.

In collaboration with the FBI, it has also issued Joint Indicator Bulletins "to
assist private sector partners in preventing cyber attacks and protecting
intellectual property, trade secrets and sensitive business information from
exploitation and theft."

Despite these advances, the report said DHS still faces challenges in sharing
cyber information across the government. The IG report cited a lack of
standardized cyber incident reporting categories and insufficient staffing levels
as a few of the challenges.

Because the various federal cyber operations centers do not have a standard set of
categories to report cyber incidents, sharing and coordinating data is more
difficult, the report said.

The Defense Department uses a 10-incident category system, while DHS uses a
7-incident category system. DoD developed a matrix to show the commonalities and
differences between the two systems, but "officials believe that further actions
are needed."

CS&C said the guidelines should focus on the effects of a cyber incident, rather
than solely what happened. The IG recommended that DHS collaborate with DoD and
the National Institute of Standards and Technology to develop a standardized way
to report cyber incidents and "ensure seamless information sharing."

The report also recommended increasing staffing so that analysts are able to
respond to cyber attacks that may happen at any time, along with specialized
training for the analysts.

Because of sequestration, NPPD suspended all training in March 2013. To meet
training requirements, NPPD personnel attended free courses through DHS'
centralized learning management system and local conferences. However, these
courses do not "provide incident responders with the specialized training needed
to perform their assigned functions," the report said.

The IG report's final recommendations concerned NPPD's outdated continuity of
operations plan (COOP).

The purpose of COOP is to maintain and restore business operations in the event of
an emergency or disaster. The report said NPPD did not update its COOP to
reflect the directorate's realignment in October 2012. As a result, subcomponents
of NPPD must rely on an outdated plan to restore mission-essential functions in the
event of an emergency.

The report said NPPD concurs with all of the recommendations and will take the
necessary measures to implement them.